REMARKS 

Claims 1-32 are pending in this application and stand rejected by the examiner. Claims 1 
and 30-32 are independent claims. Assignee traverses the rejections. 

Specification 

The office action objected to the disclosure because of certain informalities. Based on 
the recommendations in the office action, the assignee has corrected the specification and 
respectfully requests that the instant objections be withdrawn. 

Claim Rejections - 35 U.S.C. § 112 

Claims 1-3, 7, 8, 11-15, 18, 20, 23, and 29 stand rejected in the office action under 35 
U.S.C. § 112, second paragraph, as being indefinite for failing to particularly point out and 
distinctly claim the subject matter which applicant regards as the invention. These claims are 
amended herein to address the § 112 rejections. 

With respect to claim 3, the office action commented that the claim appears to recite 
sending the seed value, originally sent by the remote device to the authentication system, from 
the authentication system back to the remote device. Assignee respectfully disagrees. Claim 3 
recites that the authentication information store includes a seed store configured to store a 
plurality of seeds, and that the authentication system is configured to perform a set of operations, 
such as receiving a seed request from the remote device and to return a retrieved seed to the 
remote device if the calculated access code matches the received code. Accordingly the remote 
device in claim 3 is only providing the request for a seed, and in response to the request, the 
authentication system is sending the seed to the remote device. 
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With these amendments and remarks, assignee respectfully submits that the instant 
rejections have been traversed and the claims should be allowed. 

Claim Rejections - 35 U.S.C. §§ 102, 103 

Claims 1-19, 24-29, and 31 stand rejected under 35 U.S.C. § 103(a) as being unpatentable 
over U.S. Patent No. 6,161,185 issued to Guthrie et al. Claims 20-23 stand rejected under 35 
U.S.C. § 103(a) as being unpatentable over Guthrie in view of U.S. Patent No. 6,615,353 issued 
to Hashiguchi. Claims 30 and 32 stand rejected under 35 U.S.C. § 102(b) as being anticipated by 
Guthrie. These rejections are traversed. 

Claim 1 is directed to a system for distributing authentication information to users of 
remote devices. Claim 1 recites in combination with its other limitations that an authentication 
information store stores authentication information for a plurality of users, and that the 
authentication system retrieves the authentication information for one of the plurality of users 
from the authentication information store. The retrieved authentication information is provided 
to the remote device. 

The office action rejects claim 1 based upon Guthrie. On page 6, the office action 
equates the users' authentication information (of claim 1) with tables of a user account database 
that includes account IDs (as disclosed in Guthrie at column 5, lines 35-42). The office action 
acknowledges that Guthrie does not disclose that the user account table is provided to a remote 
device. The office action then maintains that "it would have been obvious to one of ordinary 
skill in the art at the time of invention to send the authentication information [(i.e., user account 
table)] back to the remote device." 
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Assignee respectfully disagrees. The Guthrie reference actually teaches away from the 
sending of such sensitive user information from a server to a remote device. Guthrie discloses 
that server-side sensitive authentication data in the user account table (e.g., a user's 
authentication password) is "never transmitted over the network where it could be exposed or 
compromised." (See Guthrie at column 4, lines 25-28). Figure 4 of Guthrie makes this clear that 
such data is never transmitted from the server over the network. In fact, only two pieces of 
information are passed from the server to the remote device: the challenge and the information 
about whether an authentication succeeded or failed. Neither of these pieces of information is 
stored in the user account database, though. Accordingly sending the information contained in 
the user account table (which the office action mentions and equates with the authentication 
information recited in claim 1) over a network would violate the teachings of Guthrie. This is in 
stark contrast to claim 1, which recites retrieving authentication information from a store and 
sending it to the remote device. 

As discussed above, the office action equates the users' authentication information (of 
claim 1) with tables of a user account database that includes account IDs (as disclosed in 
Guthrie, column 5, lines 35-42). In addition to the reasons mentioned above, information such as 
account ID would not be transmitted in Guthrie from the server to the client because the client 
already has this information in order to access the server in the first place. (See step 2 on Figure 
4 of Guthrie.) Because of such differences from Guthrie, claim 1 is patentable over Guthrie and 
therefore should be allowed. Because claim 1 is allowable, its dependent claims are also 
allowable. 

Assignee also respectfully disagrees with other positions in the office action. For 
example, assignee respectfully disagrees with the rejection of claim 3 that is based upon Guthrie. 
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Claim 3 recites in combination with its other limitations that the authentication system is 
configured to receive a seed request. The office action states that this is disclosed by Guthrie at 
column 7, lines 5-6, which reads, "the client then transmits the response produced by the client 
SADB calculator to the server." Even assuming arguendo that Guthrie is discussing a seed, this 
passage from Guthrie (which is discussed within the context of step 5 shown in figure 4 of 
Guthrie) does not disclose a request for a seed as required by claim 3. Rather, as is shown in 
Figure 4 of Guthrie, this step, labeled as step 5 in the figure, is in fact a response to a previous 
request (i.e., the challenge sent by the server). A response to a request does not disclose an 
authentication system configured to receive a seed request as required by claim 3. Thus, claim 3 
is patentable over Guthrie and should be allowed. 

In rejecting the other independent claims, the office action cites Guthrie as disclosing the 
subject matter recited in claims 30-32. Assignee respectfully disagrees. These claims refer to a 
request for the authentication information that is stored in an authentication data store. After 
authentication of the user, the authentication information (that is stored in the data store) is 
returned to the remote device so that the remote device may access computer resources based 
upon the returned authentication information. Guthrie does not disclose such limitations. As 
shown above, Guthrie never discloses that authentication information from an authentication 
information store is transmitted to a remote device. To stretch Guthrie to do this would go 
against Guthrie's express purpose of not transmitting stored authentication information over a 
network to a remote device. Because Guthrie discloses such a different approach than the 
respective subject matter in claims 30-32, these claims are allowable and should proceed to 
issuance. 
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CONCLUSION 

For the foregoing reasons, assignee respectfully submits that the pending claims are 
allowable. Therefore, the examiner is respectfully requested to pass this case to issuance. 



Respectfully* submitted, 



By: i ^M^ \p lL-~~*J^ 



John w. Biernacki 
Reg. No. 40,511 
JONES DAY 

North Point; 901 Lakeside Avenue 
Cleveland, OH 441 14 
(216) 586-3939 
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